Friday, August 24, 2012

Protecting Cars from Viruses

Intel's McAfee unit, which is best known for
software that fights PC viruses, is one of a handful of firms that are
looking to protect the dozens of tiny computers and electronic
communications systems that are built into every modern car.

It's
scary business. Security experts say that automakers have so far failed
to adequately protect these systems, leaving them vulnerable to hacks
by attackers looking to steal cars, eavesdrop on conversations, or even
harm passengers by causing vehicles to crash.

Our guess is that when cars get to the point that they drive themselves, those who understand how malware works-- and more important: how undeniably complicated modern software and its hardware architecture can be-- will start donning a pair of Converse Chuck Taylors and resemble a modern Luddite by driving themselves, a la Will Smith in I, Robot.

Computerized, self-driving cars may improve (emphasis on "may") safety stats; however, not if their software landscape looks like anything else we operate with a CPU in it these days. There are agencies with an operating budget larger than the GDP of several nations that are terrified about the possibility of malware injected into things like military aircraft or missile guidance systems. Given that, how in the world is an automobile for ~$20K (which is at most 1% of the price tag of the military's concerns) ever going to be 100% free of malware? Simple: it won't be.

Toyota Motor Corp, the world's biggest automaker, said it was not aware of any hacking incidents on its cars.

Officials with Hyundai Motor Co, Nissan Motor Co and Volkswagen AG said they could not immediately comment on the issue.

A
spokesman for Honda Motor Co said that the Japanese automaker was
studying the security of on-vehicle computer systems, but declined to
discuss those efforts.

Mums the word is a much smarter response to the press.

A spokesman for the U.S. Department of Homeland
Security declined to comment when asked how seriously the agency
considers the risk that hackers could launch attacks on vehicles or say
whether DHS had learned of any such incidents.

They probably declined to comment because they are working on exploits for these as well. Say it ain't so? Look no further than Stuxnet and Flame, of which the US Gov takes full authorship credits. It's the future of the "cyberwarfarestate".

We can't keep malware out of critical infrastructure SCADA systems. There's no way we can keep it out of your mom's minivan.